What's under the hood

Technology

Detectify is the newest and most exciting SaaS vulnerability scanner on the market.

We strive to be at the bleeding edge of web application security and to serve it in a way that fits
companies who wish to step up from traditional, difficult installations to a click-of-a-button modern
solution.

What we do

We perform automatic penetration tests against web applications, based on the OWASP Top 10 specifications,
seemingly magic fingerprinting of content management systems, and the very latest trends in vulnerability
research.

Features

To deliver the best quality we check for the latest vulnerabilities; combined with having no limit on how
many pages we crawl, this gives us total coverage of your site.

The Crawler

Unlike most of our competitors' crawlers, ours does not stop at a fixed cap on the number of URLs. We aim to
find all unique code flows on which vulnerabilities may reside, without missing anything of relevance. We do
that by finding similarities between different URLs, as well as repeated content, using a system of
clustering algorithms. In other words, we crawl until there is no more content of relevance instead of
stopping at a fixed number of URLs. Do you know the size of your website? Most organizations don't, as a
large share of their pages are automatically generated or hidden.

Our auditing modules may also find information leakages in your platform (e.g. unlinked files), which in
turn may lead to further links to crawl. We do all this to cover as much of your application as possible. We
do not believe in caps.

All our findings are classified according to the CVSSv2 specification in order to make it easier for you as
a developer to prioritize the threats.

The Infrastructure

We do all this from the Amazon AWS cloud. That means we scale up our capacity as the number of users grows,
without our scanner compromising on the effort put into your penetration tests.

The Detectify Engine

A scan is completed in six phases, each individually explained in detail below.

Information Gathering

During the initial phase we try to learn as much as possible about your infrastructure, for example by
identifying subdomains and hosts. Anyone in your corporation may put a web application wide open to the net
within the scope of your domain, and most of the time those applications are forgotten. We will find them.

Crawling

After collecting the initial information, Detectify will move on to crawl your web application to find as
many unique URLs as possible within the scope of your domain. While doing this, we’re keeping an eye on the
content to make sure that it’s of no harm to you.

Information Analysis

During this phase we analyze the data collected in the previous phases. We look for incorrectly configured
login forms, error messages, database backups and other common flaws and mistakes, based on static source
code analysis. We also scan for malware using VirusTotal and its many anti-virus engines.

Fingerprinting

This phase is used for extended fingerprinting of the domains and the software they run. We will, for
example, try to identify the CMS (if any), the technology stack, the operating system and so forth, all in
order to customize the vulnerability scanning in the next phase.

Exploitation

This is what it all comes down to. Based on the information gathered in the previous phases, Detectify
performs extensive tests using known pentesting methods as well as the very latest methods in web security.

Finalization

During this phase we finalize your report and remove any false positives that we could detect. When we're
done you will get an email with a link to your report. If you were curious and watched the live report,
however, this won't be any new information for you.

How we handle security

As we are a security company, we really care about your data and our own. We also like to be transparent
about our policies and security practices. That being said, this is our model.

Encrypted data

Your password is hashed using the key derivation function bcrypt. This means that in any potential leak of
user data from our servers, the passwords themselves are not exposed, only their salted bcrypt hashes. This
is to ensure that your data will never be put at risk.

Your data is also not stored on any of our web servers; instead we store all sensitive data on dedicated
database servers, out of reach of any attacker.

Protected reports

The reports are stored on dedicated database servers out of reach of the web servers. The reports are
protected from SQL injection by means of data segregation and prepared statements. If an attacker, against
all odds, were to pull off a SQL injection attack, the only report data they would get would be their own.

The web servers cannot directly communicate with any report database.
All layers of the service happen in different networks to reduce the risk of compromise.
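The two protections named above, prepared statements and per-customer data segregation, as an added example that is not Detectify's code. It builds a constructed in-memory SQLite table with two customers' reports, then contrasts a query that pastes user input into the SQL text with one that binds it as a parameter; in the safe version the owner id always comes from the authenticated session, never from the request, so even a successful injection elsewhere could only return the caller's own rows. Table layout and sample rows are assumptions made for the example.

```python
import sqlite3
from typing import List

# Constructed sample data: (owner_id, domain, report body) for two customers.
SAMPLE_REPORTS = [
    (1, "alice-corp.example", "Report for alice-corp.example: 2 medium findings"),
    (2, "bob-inc.example", "Report for bob-inc.example: 1 high finding"),
]


def build_report_db() -> sqlite3.Connection:
    """Create the constructed report table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reports (owner_id INTEGER, domain TEXT, body TEXT)")
    conn.executemany("INSERT INTO reports VALUES (?, ?, ?)", SAMPLE_REPORTS)
    conn.commit()
    return conn


def fetch_report_unsafe(conn: sqlite3.Connection, session_owner_id: int, domain: str) -> List[str]:
    """Vulnerable: the request-controlled domain becomes part of the SQL text.

    A domain value containing a quote and an OR clause changes the WHERE
    condition itself, so the owner_id check can be bypassed.
    """
    sql = (f"SELECT body FROM reports WHERE owner_id = {session_owner_id} "
           f"AND domain = '{domain}'")
    return [row[0] for row in conn.execute(sql)]


def fetch_report_safe(conn: sqlite3.Connection, session_owner_id: int, domain: str) -> List[str]:
    """Hardened: a prepared statement with bound parameters.

    The SQL text is fixed; whatever the domain string contains is compared as
    data, and owner_id is always taken from the server-side session.
    """
    sql = "SELECT body FROM reports WHERE owner_id = ? AND domain = ?"
    return [row[0] for row in conn.execute(sql, (session_owner_id, domain))]


if __name__ == "__main__":
    db = build_report_db()
    hostile_domain = "x' OR '1'='1"  # constructed injection string for the demonstration
    print(fetch_report_unsafe(db, 1, hostile_domain))  # both customers' reports leak
    print(fetch_report_safe(db, 1, hostile_domain))    # [] : treated as a literal domain name
    print(fetch_report_safe(db, 1, "alice-corp.example"))
```

Run the module directly to see the unsafe query return every row while the prepared statement returns nothing for the same input. The segregation point is the second half of the design: even the hardened query never lets the request choose the owner_id.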

Secure communication

All our endpoints are encrypted using the TLS protocol suite (the successor of SSL). Even internal
communication between subsystems uses encrypted channels. We do so to tighten up transport security and
protect you from man-in-the-middle attacks.

In fact, you cannot even visit detectify.com over cleartext HTTP in Chrome, Firefox, IE or Edge. Chances
are the web browser you're currently using has a note stating that "detectify.com" is a protected domain
where plaintext HTTP is not allowed.

Well tested security

As we perform automated security tests, we also practice what we preach. We do our very best to keep our
platform protected against the latest security threats. We're a small team, and we're only human. Therefore
we encourage you to report any vulnerabilities, flaws and bugs you come across by participating in our
responsible disclosure program.

Questions?

Do you have any questions about our security, or perhaps your own? If so, feel free to contact us!